Table of Contents

Introduction
Assessment Test

Chapter 1: Privacy in the Modern Era
  Introduction to Privacy
  What Is Privacy?
  What Is Personal Information?
  What Isn't Personal Information?
  Why Should We Care About Privacy?
  Generally Accepted Privacy Principles
  Management
  Notice
  Choice and Consent
  Collection
  Use, Retention, and Disposal
  Access
  Disclosure to Third Parties
  Security for Privacy
  Quality
  Monitoring and Enforcement
  Developing a Privacy Program
  Crafting Strategy, Goals, and Objectives
  Appointing a Privacy Official
  Privacy Roles
  Building Inventories
  Conducting a Privacy Assessment
  Implementing Privacy Controls
  Ongoing Operation and Monitoring
  Online Privacy
  Privacy Notices
  Privacy and Cybersecurity
  Cybersecurity Goals
  Relationship Between Privacy and Cybersecurity
  Privacy by Design
  Summary
  Exam Essentials
  Review Questions

Chapter 2: Legal Environment
  Branches of Government
  Legislative Branch
  Executive Branch
  Judicial Branch
  Understanding Laws
  Sources of Law
  Analyzing a Law
  Legal Concepts
  Legal Liability
  Torts and Negligence
  Summary
  Exam Essentials
  Review Questions

Chapter 3: Regulatory Enforcement
  Federal Regulatory Authorities
  Federal Trade Commission
  Federal Communications Commission
  Department of Commerce
  Department of Health and Human Services
  Banking Regulators
  Department of Education
  State Regulatory Authorities
  Self-Regulatory Programs
  Payment Card Industry
  Advertising
  Trust Marks
  Safe Harbors
  Summary
  Exam Essentials
  Review Questions

Chapter 4: Information Management
  Data Governance
  Building a Data Inventory
  Data Classification
  Data Flow Mapping
  Data Lifecycle Management
  Workforce Training
  Cybersecurity Threats
  Threat Actors
  Incident Response
  Phases of Incident Response
  Preparation
  Detection and Analysis
  Containment, Eradication, and Recovery
  Post-incident Activity
  Building an Incident Response Plan
  Data Breach Notification
  Vendor Management
  Summary
  Exam Essentials
  Review Questions

Chapter 5: Private Sector Data Collection
  FTC Privacy Protection
  General FTC Privacy Protection
  The Children's Online Privacy Protection Act (COPPA)
  Future of Federal Enforcement
  Medical Privacy
  The Health Insurance Portability and Accountability Act (HIPAA)
  The Health Information Technology for Economic and Clinical Health Act
  The 21st Century Cures Act
  Confidentiality of Substance Use Disorder Patient Records Rule
  Financial Privacy
  Privacy in Credit Reporting
  Gramm-Leach-Bliley Act (GLBA)
  Red Flags Rule
  Consumer Financial Protection Bureau
  Educational Privacy
  Family Educational Rights and Privacy Act (FERPA)
  Telecommunications and Marketing Privacy
  Telephone Consumer Protection Act (TCPA) and Telemarketing Sales Rule (TSR)
  The Junk Fax Prevention Act (JFPA)
  Controlling the Assault of Non-solicited Pornography and Marketing (CAN-SPAM) Act
  Telecommunications Act and Customer Proprietary Network Information
  Cable Communications Policy Act
  Video Privacy Protection Act (VPPA) of 1988
  Summary
  Exam Essentials
  Review Questions

Chapter 6: Government and Court Access to Private Sector Information
  Law Enforcement and Privacy
  Access to Financial Data
  Access to Communications
  National Security and Privacy
  Foreign Intelligence Surveillance Act (FISA) of 1978
  USA-PATRIOT Act
  The USA Freedom Act of 2015
  The Cybersecurity Information Sharing Act of 2015
  Civil Litigation and Privacy
  Compelled Disclosure of Media Information
  Electronic Discovery
  Summary
  Exam Essentials
  Review Questions

Chapter 7: Workplace Privacy
  Introduction to Workplace Privacy
  Workplace Privacy Concepts
  U.S. Agencies Regulating Workplace Privacy Issues
  U.S. Antidiscrimination Laws
  Privacy Before, During, and After Employment
  Employee Background Screening
  Employee Monitoring
  Investigation of Employee Misconduct
  Termination of the Employment Relationship
  Summary
  Exam Essentials
  Review Questions

Chapter 8: State Privacy Laws
  Federal vs. State Authority
  Financial Data
  Credit History
  California Financial Information Privacy Act
  Data Security
  Recent Developments
  Data Breach Notification Laws
  Elements of State Data Breach Notification Laws
  Key Differences Among States Today
  Recent Developments
  Marketing Laws
  Summary
  Exam Essentials
  Review Questions

Chapter 9: International Privacy Regulation
  International Data Transfers
  European Union General Data Protection Regulation
  Adequacy Decisions
  U.S.-EU Safe Harbor and Privacy Shield
  Binding Corporate Rules
  Standard Contractual Clauses
  Other Approved Transfer Mechanisms
  APEC Privacy Framework
  Cross-Border Enforcement Issues
  Global Privacy Enforcement Network
  Resolving Multinational Compliance Conflicts
  Summary
  Exam Essentials
  Review Questions

Appendix: Answers to Review Questions
  Chapter 1: Privacy in the Modern Era
  Chapter 2: Legal Environment
  Chapter 3: Regulatory Enforcement
  Chapter 4: Information Management
  Chapter 5: Private Sector Data Collection
  Chapter 6: Government and Court Access to Private Sector Information
  Chapter 7: Workplace Privacy
  Chapter 8: State Privacy Laws
  Chapter 9: International Privacy Regulation

Index
Mike Chapple, PhD, CIPP/US, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP, CySA+, CISM, PenTest+, and Security+.

Joe Shelley, M.A., CIPP/US, is currently the Vice President for Libraries and Information Technology at Hamilton College in New York. Among other responsibilities, he oversees information security and privacy programs, IT risk management, business intelligence and analytics, and data governance. He has also held certifications and certificates for ITIL, Project Management, and Scrum.